
A CEGAR Approach for Stability Verification of Linear Hybrid Systems - PowerPoint PPT Presentation

  1. A CEGAR Approach for Stability Verification of Linear Hybrid Systems. Miriam García Soto, co-authored work with Pavithra Prabhakar. DARS 2017

  2. Cyber-Physical Systems (CPSs)
     Systems in which software ("cyber") interacts with the "physical" world: medical devices, automotive, robotics, aeronautics, process control.
     Software controlled physical systems
     ✤ Automotive systems: cruise control, lane assistants
     ✤ Medical devices: pacemakers, infusion pumps
     Critical aspects in CPS design
     ✤ Security
     ✤ Reliability
     ✤ Safety
     Grand Challenge: How do we build and deploy robust CPS?

  3. Formal Verification
     Figure: Model + Specifications → Model checker or Theorem prover → Verification certificate, or Counterexample.
     ✤ Models for Cyber-Physical Systems (automata based)
     ✤ Robustness specifications (logic based)
     ✤ Verification algorithms (model checker)

  4. CPS Model

  5. Hybrid Control Systems
     Hybrid systems capture one of the main features of CPS: the mixed continuous and discrete behaviour.
     Physical system (continuous dynamics): $\dot{x} = f(x, u)$, $y = h(x)$
     Control (discrete dynamics): $u = g(y)$
     Figure: feedback loop in which the physical system outputs $y$ to the controller and the controller returns the input $u$.

  6. Cruise control & automatic gearbox
     Gearbox: discrete variable gear position $q \in \{1, 2, 3, 4\}$; the velocity dynamics $\dot v$ depend on the gear ratio $r_q$, the torque $T$ and the mass $M$ (the slide's expression for $\dot v$ did not survive extraction).
     Cruise control: continuous variables velocity $v$, error $E = v_d - v$ and torque $T$; PI control with continuous dynamics $\dot E = v_d - v$ and $T = K^p_q E + K^i_q \int (v_d - v)\,dt$.
     Discrete control: $q \to q + 1$ if $v - v_d = \omega_{high}$; $q \to q - 1$ if $v - v_d = \omega_{low}$.

  7. Hybrid Automata
     Four modes $q = 1, 2, 3, 4$ (one per gear), each with linear dynamics $\dot{x} = A_q x$. Transitions $q \to q + 1$ are guarded by $E = \omega_{high}$ and transitions $q \to q - 1$ by $E = \omega_{low}$; the edges carry labels $p_1, \dots, p_4$.
     Figure: trajectories (state $x$ and error $E$ over time $T$, from $x_0$ and $E_0$) versus executions (the same run as a sequence of mode segments $x_1, x_2, x_3$ with switches "to 2", "to 3", "to 4" and back "to 3", "to 2", "to 1").

  8. CPS Specifications

  9. Specifications
     Stability: small perturbations in the initial state or input to the system result in only small deviations from the nominal behavior.
     Examples (figure: cruise control, robotic arm, bipedal robot walking):
     ✤ Cruise control: stability with respect to the desired velocity
     ✤ Robotic arm: stability with respect to the set point
     ✤ Bipedal walking: stability with respect to the periodic orbit

  10. Stability notions
      A system is Lyapunov stable with respect to the equilibrium point $0$ if for every $\varepsilon > 0$ there exists $\delta > 0$ such that every execution $\sigma$ starting from $B_\delta(0)$ satisfies $\sigma(t) \in B_\varepsilon(0)$ for all time $t$.
      A system is asymptotically stable with respect to the equilibrium point $0$ if it is Lyapunov stable and there exists $\eta > 0$ such that every execution $\sigma$ starting from $B_\eta(0)$ converges to $0$.
      Figure: three phase portraits over the facets $f_1, \dots, f_4$: Lyapunov stable (the execution stays inside $B_\varepsilon(0)$), asymptotically stable (the execution converges to $0$), unstable.

  11. Stability analysis challenges
      Linear dynamical systems: stability can be determined by eigenvalue analysis (figure: two stable linear systems in the $x$-$y$ plane).
      Linear hybrid systems: eigenvalue analysis does not suffice for switched linear systems (figure: two switched linear systems in the $x$-$y$ plane, one stable and one unstable).
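To see why the eigenvalue test for the individual modes says nothing about the switched system, here is an added example (a constructed instance, not taken from the slides; the two matrices and the quadrant switching rule are assumptions): both modes have eigenvalues with real part -0.1 and so decay on their own, yet switching them by quadrant one way makes the state grow by roughly two orders of magnitude per revolution, while the opposite assignment of the same two modes contracts.

```python
"""Two stable linear modes whose quadrant-dependent switching is unstable.
Added example (constructed instance, not from the slides)."""
import math

# Both matrices have eigenvalues -0.1 +/- i*sqrt(10): each mode alone decays.
A1 = ((-0.1, 1.0), (-10.0, -0.1))   # orbits follow 10*x1^2 + x2^2 = const (tall ellipses)
A2 = ((-0.1, 10.0), (-1.0, -0.1))   # orbits follow x1^2 + 10*x2^2 = const (wide ellipses)

def spectral_abscissa(A):
    """Largest real part of the eigenvalues of a real 2x2 matrix (via trace/det)."""
    tr = A[0][0] + A[1][1]
    det = A[0][0] * A[1][1] - A[0][1] * A[1][0]
    disc = tr * tr - 4 * det
    if disc < 0:
        return tr / 2                      # complex pair, real part tr/2
    return (tr + math.sqrt(disc)) / 2

def _apply(A, x):
    return (A[0][0] * x[0] + A[0][1] * x[1], A[1][0] * x[0] + A[1][1] * x[1])

def _mode(x, swap):
    """Switching rule: A2 in quadrants 1 and 3, A1 in quadrants 2 and 4;
    swap=True assigns the modes the other way round."""
    in_q13 = x[0] * x[1] > 0
    return A2 if (in_q13 != swap) else A1

def simulate(x0, t_end, swap=False, dt=1e-3):
    """Classical RK4 with the mode frozen over each step; returns the final state."""
    x = x0
    for _ in range(int(round(t_end / dt))):
        A = _mode(x, swap)
        k1 = _apply(A, x)
        k2 = _apply(A, (x[0] + 0.5 * dt * k1[0], x[1] + 0.5 * dt * k1[1]))
        k3 = _apply(A, (x[0] + 0.5 * dt * k2[0], x[1] + 0.5 * dt * k2[1]))
        k4 = _apply(A, (x[0] + dt * k3[0], x[1] + dt * k3[1]))
        x = (x[0] + dt * (k1[0] + 2 * k2[0] + 2 * k3[0] + k4[0]) / 6,
             x[1] + dt * (k1[1] + 2 * k2[1] + 2 * k3[1] + k4[1]) / 6)
    return x

def growth_factor(swap=False, t_end=4.0):
    """|x(t_end)| / |x(0)| starting from x(0) = (0, 1); t_end = 4 is about two revolutions."""
    x0 = (0.0, 1.0)
    xt = simulate(x0, t_end, swap)
    return math.hypot(*xt) / math.hypot(*x0)

if __name__ == "__main__":
    print("real parts:", spectral_abscissa(A1), spectral_abscissa(A2))
    print("growth, A2 in quadrants 1 and 3:", growth_factor(swap=False))
    print("growth, A1 in quadrants 1 and 3:", growth_factor(swap=True))
```

The geometry behind the numbers: each mode traces an ellipse elongated along one axis, so crossing a quadrant under the wide-ellipse mode and then the next under the tall-ellipse mode multiplies the distance to the origin by about sqrt(10) per quadrant, which the -0.1 damping cannot compensate; the swapped assignment divides by the same factor.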

  12. State of the art: Lyapunov's second method
      Continuous dynamics $\dot{x} = F(x)$: if there exists a Lyapunov function for the system, then the system is Lyapunov stable.
      Lyapunov function $V$:
      ✤ Continuously differentiable, $V : \mathbb{R}^n \to \mathbb{R}_+$
      ✤ Positive definite: $V(x) \ge 0$ for all $x$, and $V(x) = 0$ iff $x = 0$
      ✤ Function value decreases along any trajectory: $\frac{\partial V(x)}{\partial x} F(x) \le 0$ for all $x$
      Switched and hybrid systems:
      ✤ Common Lyapunov functions
      ✤ Multiple Lyapunov functions

  13. Automated analysis
      Template based automated search
      ✤ Choose a template
      ✤ Encode Lyapunov function conditions as constraints
      ✤ Solve using sum-of-squares programming tools
      Shortcomings:
      ✤ Success depends crucially on the choice of the template
      ✤ The current methods provide no insight into the reason for the failure when a template fails to prove stability
      ✤ No guidance regarding the choice of the next template
      Alternate approach: CEGAR

  14. Counterexample Guided Abstraction Refinement (CEGAR)

  15. CEGAR for stability
      First CEGAR approach for stability verification of hybrid systems.
      Loop: Concrete system + Property → Abstraction (abstraction relation) → Abstract system + Abstract property → Model-check. Yes: property satisfied. No: abstract counterexample → Validate. Yes: property violated. No: analysis results → Refine the abstraction relation and repeat.
      Template based search:
      ✤ Success depends crucially on the choice of the template
      ✤ The current methods provide no insight into the reason for the failure when a template fails to prove stability
      ✤ No guidance regarding the choice of the next template
      CEGAR framework:
      ✤ Systematically iterates over the abstract systems
      ✤ Returns a counterexample in the case that the abstraction fails
      ✤ The counterexample can be used to guide the choice of the next abstraction

  16. Quantitative Predicate Abstraction

  17. Quantitative Predicate Abstraction
      Concrete system: the state space around the equilibrium is partitioned by the facets $F = \{f_1, f_2, f_3, f_4\}$ (figure: $f_1$ to the right, $f_2$ above, $f_3$ to the left, $f_4$ below), with $u_1, \dots, u_4$ marking the four regions between consecutive facets.

  19. Quantitative Predicate Abstraction
      Concrete system (facets $F = \{f_1, f_2, f_3, f_4\}$, regions $u_1, \dots, u_4$) $\Rightarrow$ abstract system: a graph whose nodes are the facets $f_1, \dots, f_4$.

  21. Quantitative Predicate Abstraction
      Concrete system (facets $F = \{f_1, f_2, f_3, f_4\}$, regions $u_1, \dots, u_4$) $\Rightarrow$ abstract system (graph over the facets).
      An edge between facets indicates the existence of an execution.

  23. Quantitative Predicate Abstraction
      Concrete system (facets $F = \{f_1, f_2, f_3, f_4\}$, regions $u_1, \dots, u_4$) $\Rightarrow$ abstract system (figure: the first edge weights, 2, 2 and 1, drawn in).
      An edge between facets indicates the existence of an execution.
      Weights capture information about distance to the equilibrium point along the executions.

  24. Quantitative Predicate Abstraction
      Concrete system (facets $F = \{f_1, f_2, f_3, f_4\}$, regions $u_1, \dots, u_4$) $\Rightarrow$ abstract system (figure: the complete abstract weighted graph, with weights such as 2, 1 and 1/3).
      An edge between facets indicates the existence of an execution.
      Weights capture information about distance to the equilibrium point along the executions.

  25. Quantitative Predicate Abstraction
      Concrete system (facets $F = \{f_1, f_2, f_3, f_4\}$, regions $u_1, \dots, u_4$) $\Rightarrow$ abstract system with an abstract path $\pi$ highlighted.
      Weight of the path: $W(\pi) = 2 \cdot \frac{1}{3} \cdot \frac{1}{3} \cdot 1 = \frac{2}{9} < 1$.
      An edge between facets indicates the existence of an execution.
      Weights capture information about distance to the equilibrium point along the executions.

  26. Quantitative Predicate Abstraction - samples
      Three concrete systems over the facets $f_1, \dots, f_4$ and their abstract weighted graphs:
      ✤ Every edge weight 1: product of edge weights = 1 ⇒ Lyapunov stable
      ✤ Edge weights 1/2, 1, 1/2, 1: product of edge weights = 1/4 ⇒ asymptotically stable
      ✤ Edge weights 2, 1, 2, 1: product of edge weights = 4 ⇒ unstable

  27. Weight computation
      Constant dynamics $\dot{x} = c$.
      2 dimensions (figure: a point at distance $d_1$ on facet $f_1$ flows along $c$ to distance $d_2$ on facet $f_2$): the weight is the ratio $\frac{|d_2|}{|d_1|} = \frac{|\alpha d_2|}{|\alpha d_1|}$, the same for every scaling $\alpha$ of the starting point.
      Higher dimensions (figure: vectors $\vec a$, $\vec b$, $\vec d$ in $x$-$y$-$z$ space): the ratio is no longer constant, $\frac{|\vec b + \vec d|}{|\vec a + \vec d|} \neq \frac{|\vec b|}{|\vec a|}$.
      Weight (LP problems): $\sup \frac{|v_2|}{|v_1|}$ subject to $t > 0$, $v_1 \in f_1$, $v_2 \in f_2$, $v_2 = v_1 + c\,t$.
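As an added example (not part of the presentation; the facet directions, the constant vectors $c$ and the helper names are constructed), the 2-dimensional weight computation for constant dynamics with facets that are rays from the equilibrium: solving $\mu u_2 - t\,c = \lambda u_1$ gives the point where the execution from $\lambda u_1$ leaves through $f_2$, the ratio $\mu / \lambda$ comes out the same for every $\lambda$ (the $|\alpha d_2| / |\alpha d_1| = |d_2| / |d_1|$ invariance above, which is why no LP is needed in the plane), and a solution with $t \le 0$ or $\mu \le 0$ means no execution reaches $f_2$, i.e. no abstract edge. The last function assembles the abstract weighted graph for four axis rays with one constant vector field per quadrant.

```python
"""Edge weight of the quantitative predicate abstraction for constant
dynamics x' = c in the plane, with facets that are rays from the
equilibrium 0.  Added example; facet directions and fields are constructed."""
import math

def _solve2(col1, col2, rhs):
    """Solve [col1 col2] (p, q)^T = rhs by Cramer's rule; None if singular."""
    det = col1[0] * col2[1] - col1[1] * col2[0]
    if abs(det) < 1e-12:
        return None
    p = (rhs[0] * col2[1] - col2[0] * rhs[1]) / det
    q = (col1[0] * rhs[1] - col1[1] * rhs[0]) / det
    return p, q

def _unit(u):
    n = math.hypot(*u)
    return (u[0] / n, u[1] / n)

def execution_endpoint(u1, u2, c, lam):
    """Start at v1 = lam * u1 on facet f1 = {lam*u1 : lam > 0} and follow
    x' = c until facet f2 = {mu*u2 : mu > 0}.  Returns (v2, t), or None when
    the flow never reaches f2 in forward time (no abstract edge f1 -> f2).
    Assumes the region between f1 and f2 is a convex cone, so the straight
    execution stays inside it until it hits f2."""
    u1, u2 = _unit(u1), _unit(u2)
    v1 = (lam * u1[0], lam * u1[1])
    # v1 + c t = mu u2  <=>  mu u2 - t c = v1, unknowns (mu, t)
    sol = _solve2(u2, (-c[0], -c[1]), v1)
    if sol is None:
        return None            # c parallel to f2: degenerate, treated as no edge
    mu, t = sol
    if t <= 0 or mu <= 0:
        return None
    return (mu * u2[0], mu * u2[1]), t

def constant_dynamics_weight(u1, u2, c):
    """sup |v2|/|v1| over executions from f1 to f2.  The constraints are
    homogeneous in (v1, v2, t), so the ratio is the same for every lam > 0 and
    one execution from lam = 1 already gives the weight.  None means no edge."""
    hit = execution_endpoint(u1, u2, c, 1.0)
    if hit is None:
        return None
    v2, _ = hit
    return math.hypot(*v2)

def abstract_graph(rays, region_dynamics):
    """rays: facet directions in counter-clockwise order.
    region_dynamics[i]: constant c in the region between rays[i] and rays[i+1].
    Returns {facet: {facet: weight}} with one edge per reachable facet."""
    n = len(rays)
    graph = {i: {} for i in range(n)}
    for i, c in enumerate(region_dynamics):
        j = (i + 1) % n
        for src, dst in ((i, j), (j, i)):
            w = constant_dynamics_weight(rays[src], rays[dst], c)
            if w is not None:
                graph[src][dst] = w
    return graph

# Constructed example: the four axis rays and one constant field per quadrant.
RAYS = [(1, 0), (0, 1), (-1, 0), (0, -1)]
FIELDS = [(-1, 2), (-1, -1), (1, -1), (1, 0.5)]   # quadrants 1, 2, 3, 4

if __name__ == "__main__":
    print(abstract_graph(RAYS, FIELDS))   # edges 0->1 (2), 1->2 (1), 2->3 (1), 3->0 (2)
```

With these fields the execution rotates counter-clockwise through all four facets and the only cycle has weight product 2 · 1 · 1 · 2 = 4, the unstable pattern from the samples slide; replacing the first field by (-2, 1) turns the weight of the edge from $f_1$ to $f_2$ into 1/2.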

  28. Weight computation
      Polyhedral inclusion dynamics $\dot{x} \in P$, where $P$ is the polyhedral set $P = \{x : \bigwedge_i a_i \cdot x \le b_i\}$ (figure: the cone $P$ of admissible velocities $c$).
      Weight (LP problems): $\sup \frac{|v_2|}{|v_1|}$ subject to $t > 0$, $v_1 \in f_1$, $v_2 \in f_2$, $v_2 = v_1 + c\,t$, $\bigwedge_i a_i \cdot c \le b_i$; equivalently, $\bigwedge_i a_i \cdot (v_2 - v_1) \le b_i\,t$.

  29. Weight computation
      Linear dynamics $\dot{x} = Ax$.
      Weight: $\sup \frac{|v_2|}{|v_1|}$ subject to $t > 0$, $v_1 \in f_1$, $v_2 \in f_2$, $v_2 = e^{At} v_1$.
      ✤ Solution is an exponential function
      ✤ Need a representation on which optimization can be performed
      ✤ Approximation methods [Girard et al., Frehse et al.]

  30. Hybridization

  31. Hybridization and soundness
      Linear hybrid system: in the region $R = \{x_1 \le 0,\ x_2 \ge 0\}$ the dynamics are $\dot{x} = Ax$. Polyhedral hybrid system: replace them by the inclusion $\dot{x} \in P$ with $P = \{Ax : x \in R\}$ (figure: the region $R$ in the $x_1$-$x_2$ plane and the set $P$ of its velocities).
      Theorem (Hybridization): If the hybridized polyhedral hybrid system is Lyapunov (asymptotically) stable then the original linear hybrid system is Lyapunov (asymptotically) stable.
      Hybridization for stability analysis of switched linear systems. HSCC'16

  32. Soundness of Quantitative Predicate Abstraction
      Theorem (Model-checking): A polyhedral hybrid system is Lyapunov stable if
      ✤ the abstract weighted graph has no edges with infinite weights, and
      ✤ no cycles with product of edge weights greater than 1.
      Figure (two abstract systems): in one, every cycle has weight smaller than 1 ⇒ the concrete system is stable ⇒ stop. In the other, there is a cycle $\pi$ with weight greater than 1 ⇒ $\pi$ is an abstract counterexample ⇒ validation.
      Abstraction based model-checking of stability of hybrid systems. CAV'13
      Foundations of Quantitative Predicate Abstraction for Stability Analysis of Hybrid Systems. VMCAI'15
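The model-checking step of the theorem, as an added example that is not the authors' implementation: it enumerates the simple cycles of a small abstract weighted graph, reports any infinite-weight edge or any cycle whose weights multiply to more than 1 as an abstract counterexample (the cycle $\pi$ handed to validation), and otherwise reports Lyapunov stability, or asymptotic stability when every cycle product is strictly below 1, which is how the samples slide reads its 1/4 case. The graphs are constructed to reproduce the products 1, 1/4 and 4 from the samples slide and the path weight 2/9 from slide 25; the edge direction $f_1 \to f_2 \to f_3 \to f_4 \to f_1$ is an assumption.

```python
"""Model-check an abstract weighted graph for stability.  Added example, not
the authors' tool; the graphs are constructed from the products quoted in
the slides (the direction f1 -> f2 -> f3 -> f4 -> f1 is an assumption)."""
import math

def simple_cycles(graph):
    """Yield every simple cycle of a small directed graph {node: {succ: weight}}.
    Each cycle is produced once, rooted at its smallest node: the search from
    `start` only extends through nodes that sort after `start`."""
    for start in sorted(graph):
        stack = [(start, [start])]
        while stack:
            node, path = stack.pop()
            for succ in graph.get(node, {}):
                if succ == start:
                    yield path                      # edge back to the root closes a cycle
                elif succ > start and succ not in path:
                    stack.append((succ, path + [succ]))

def path_weight(graph, path, closed=True):
    """Product of the edge weights along `path`; with closed=True the edge from
    the last node back to the first is included (the weight W of a cycle)."""
    edges = list(zip(path, path[1:]))
    if closed:
        edges.append((path[-1], path[0]))
    w = 1.0
    for u, v in edges:
        w *= graph[u][v]
    return w

def model_check(graph):
    """Sufficient condition of the theorem: no infinite-weight edge and no cycle
    with weight product > 1 gives Lyapunov stability.  Returns (verdict, witness);
    the witness is the offending edge or the heaviest bad cycle with its weight,
    and None when the verdict is a stability result."""
    for u, succs in graph.items():
        for v, w in succs.items():
            if math.isinf(w):
                return "counterexample", (u, v)
    heaviest = None
    for cyc in simple_cycles(graph):
        w = path_weight(graph, cyc)
        if heaviest is None or w > heaviest[1]:
            heaviest = (cyc, w)
    if heaviest is not None and heaviest[1] > 1:
        return "counterexample", heaviest
    if heaviest is None or heaviest[1] < 1:
        return "asymptotically stable", None      # every cycle strictly contracts
    return "Lyapunov stable", None               # some cycle has product exactly 1

def ring(weights):
    """Constructed 4-cycle f1 -> f2 -> f3 -> f4 -> f1 with the given edge weights."""
    facets = ["f1", "f2", "f3", "f4"]
    return {facets[i]: {facets[(i + 1) % 4]: weights[i]} for i in range(4)}

# Constructed sample graphs mirroring the three cases on the samples slide.
LYAPUNOV = ring([1, 1, 1, 1])          # product 1
ASYMPTOTIC = ring([0.5, 1, 0.5, 1])    # product 1/4
UNSTABLE = ring([2, 1, 2, 1])          # product 4
# Two more constructed graphs: an infinite-weight edge, and a chord f1 <-> f3 that
# creates the cycle f1 -> f3 -> f4 -> f1 of weight 3 * 0.5 * 1 = 1.5 in the 1/4 ring.
BLOWUP = ring([1, 1, 1, float("inf")])
CHORDED = ring([0.5, 1, 0.5, 1])
CHORDED["f1"]["f3"] = 3.0
CHORDED["f3"]["f1"] = 0.2

if __name__ == "__main__":
    for name, g in [("ones", LYAPUNOV), ("halves", ASYMPTOTIC), ("doubles", UNSTABLE),
                    ("blowup", BLOWUP), ("chorded", CHORDED)]:
        print(name, model_check(g))
```

Enumerating simple cycles is fine for abstract graphs with a handful of facets; for larger graphs the same check is a negative-cycle search on the edge costs $-\log w$ (a cycle with product above 1 is exactly a cycle of negative total cost), which Bellman-Ford finds in polynomial time.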
